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. Abstract 

' In this chapter, we consider a class of discrete dynamical systems defined on the homogeneous 

[ space associated with a regular tiling of M^, whose most familiar example is provided by the 

' A'^— dimensional torus T^. It is proved that any dynamical system in this class is chaotic in the 

'"^ I sense of Devaney, and that it admits at least one positive Lyapunov exponent. Next, a chaos- 

' synchronization mechanism is introduced and used for masking information in a communication 

setup. 
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1 Introduction 



. Chaos synchronization has exhibited an increasing interest in the last decade since the pioneering 

I works reported in pl| , p2| , and it has been advocated as a powerful tool in secure communication 

ll3l| , |30| , IToj |3^ , m. Chaotic systems are indeed characterized by a great sensitivity to the initial 
conditions and a spreading out of the trajectories, two properties which are very close to the 
Shannon requirements of confusion and diffusion [0] . 
^ ' There are basically two approaches when using chaotic dynamical systems for secure commu- 

■ nications purposes. The first one amounts to numerically computing a great number of iterations 



of a discrete chaotic system, in using e.g. the message as initial data (see and the references 
therein). The second one amounts to hiding a message in a chaotic dynamics. Only a part of 
the state vector (the "output") is conveyed through the public channel. Next, a synchronization 
mechanism is designed to retrieve the message at the receiver part (see [27| and the references 
therein). 

In both approaches, the first difficulty is to "build" a chaotic system appropriate for encryption 
purposes. In this context, the corresponding chaotic signals must have no patterning, a broad-band 



power spectrum and an auto-correlation function that quickly drops to zero. In [23], a mean for 
synthesizing volume-preserving or volume expanding maps is provided. For such systems, there 
are several directions of expansion (stretching), while the discrete trajectories are folded back into 
a confined region of the phase space. Expansion can be carried out by unstable linear mappings 
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with at least one positive Lyapunov exponent. Folding can be carried out with modulo functions 
through shift operations, or with triangular, trigonometric functions through reflexion operations. 
Fully stretching piecewise affine Markov maps have also attracted interest because such maps are 
expanding in all directions and they have uniform invariant probability densities (see [ p8| , |8|). 

Besides, we observe that the word "chaotic" has not the same meaning everywhere, and that 
the chaotic behavior of a system is often demonstrated only by numerical evidences. The first aim 
of this chapter is to provide a rigorous analysis, based on the definition given by Devaney |^], of 
the chaotic behavior of a large class of affine dynamical systems defined on the homogeneous space 
associated with a regular tiling of M^. Classical piecewise affine chaotic transformations, as the 
tent map, belong to that class. The dimension may be arbitrarily large in the theory developed 
below, but, for obvious reasons, most of the examples given here will be related to regular tilings 
of the plane (A^ = 2). The study of the subclass of (time-invariant or switched) affine systems on 
T^, the A^— dimensional torus, is done in p^, 27 1. The folding for this subclass is carried out with 



modulo maps, which, from a geometric point of view, amounts to "fold back" to [0, 1)^ by 
means of translations by vectors in . Those translations are replaced here by all the isometrics of 
some crystallographic group for an arbitrary regular tiling of M^. Notice also that the fundamental 
domain used in the numerical implementation may be chosen with some degree of freedom. It may 
be a hypercube (as [0,1)^ for T^), or a polyhedron, or a more complicated bounded, connected 
set in R^. 

For ease of implementation and duplication, a cryptographic scheme must involve a map for 
which the parameters identification is expected to be a difficult task, while computational require- 
ments for masking and unmasking information are not too heavy. The second aim of this chapter 
is to show that all these requirements are fulfilled for the class of dynamical systems considered 
here. The way of extracting the masked information is provided through an observer-based syn- 
chronization mechanism with a finite-time stabilization property. 

Let us now describe the content of the chapter. Section 2 is devoted to the mathematical 
analysis of the chaotic properties of the following discrete dynamical system 

(1.1) Xk+i = Axk + B (mod G) 

where yl G Z^^^, 5 G R^, and (mod G) means roughly that Xk+i is the point in the fundamental 



domain 7~ derived from Ax^ + -B by some transformation g in the group G. (LI) may be viewed 
as a "realization" in T C R^ of an abstract dynamical system on the homogeneous space R^/G 
of classes modulo G. The torus corresponds to the simplest case when G is the group of all the 
translations of vectors u G and the fundamental domain is T = [0, 1)^. Note that most of the 
examples encountered in the literature are given only for the torus T'^ with = 1 and 1^41 ^ 2, or 
for A^ = 2 and det A = 1 (see e.g. Q). We give here a sufficient condition for ( |1.1[ ) to be chaotic in 
the sense of Devaney for any given regular tiling of R^ (A^ ^ 1), and we investigate the Lyapunov 
exponents of ( |1.1D and the equirepartition of the trajectories of ( |1 . 1] ) . 

Finally, a masking/unmasking technique based on a dynamical embedding is proposed in Section 

3. 

2 Chaotic dynamical systems and regular tilings of 

2.1 Chaotic dynamical system 

Let (M, d) denote a compact metric space, and let / : M — )• M be a continuous map. The following 
definition of a chaotic system is due to Devaney Q . 

Definition 1 The discrete dynamical system 

(S) Xk+i = f{xk) 
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is said to be chaotic if the following conditions are fulfilled: 

(CI) (Sensitive dependence on initial conditions) There exists a number e > such that for any 
xq ^ M and any (5 > 0, there exists a point G M with d(xQ,yQ) < 6 and an integer k ^ such 
that d{xk,yk) > e; 

(C2) (One-sided topological transitivity) There exists some xq €z M with {xk)k^o dense in M ; 
(C3) (Density of periodic points) The set D = {xq S M; 3/c > 0, x^ = xq} is dense in M . 

Recall [H, Thm 5.9], [||, Thm 1.2.2] that when / is onto (i.e., /(M) = M), the one-sided topological 
transitivity is equivalent to the condition: 

(C2') For any pair of nonempty open sets U, V in M, there exists an integer k ^ such that 

f-''{u) n F / ( ^ un f\v) / 0). 

2.2 Regular tiling of 

An isometry g of is a map from into M"^ such that ||5(-^) — 5(^)|| = H-'^ ~ ^|| for 
X, y £ R-^. Let G be a group of isometrics of such that for any point X G the orbit of X 
under the action of G, namely the set 

G-X = {g{X)- geG], 

is closed and discrete. Let P C be a compact, connected set with a nonempty interior. Following 
1^], we shall say that the pair (G, P) constitutes a regular tiling of if the two following conditions 
are fulfilled: 

(2.2) U g{P) = 

(2.3) V5,/iGG [g{p)r\h{p)^% g = h). 

o 

Recall that P stands for the interior of P, that is 

P= {x £ P- 3£> 0, B{x,e) C P}. 

The set P C is termed a fundamental tile, and the group G a crystallographic group. An 
example of a regular tiling of with a triangular fundamental tile is represented in Fig. |l[ 

Note that a point X G may in general be obtained in several ways as the transformation 
of a point in P by an isometry in G. We introduce a set 7", called a fundamental domain, with 

o 

PC T C P and such that 

(2.4) Ug(r)=M^ 

g€G 

(2.5) VX, X' €T, yg€G {X' = g{X) X' = X) . 
Introducing the equivalence relation in 

X^Y ^ 35 gG, Y = g{X), 

we denote hy x = X the class of X for ~, i.e. x = {g{X); g £ G} = G ■ X. When several groups 

Q 

are considered at some time, we denote by X the class of X modulo G. Finally, we introduce 
the homogeneous space of cosets m = (M^/G) = {x = X;X £ R^}, and define on it the following 
metric 

d(X,Y)=mn\Y-g{X)\\. 
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Figure 1: A regular tiling of M? with a triangular fundamental tile. 

The natural covering mapping vr : — t- H, defined by vr(X) = X, satisfies 

d{Tr{X),7r{Y)) ^ \\X-Y\\, 

hence it is continuous. It follows that H = vr(P) is a compact metric space. On the other hand, 
the restriction of vr to T is a bijection from T onto M. We may therefore define the projection 
vj : —7- 7" by w{X) = (7r|7-)~-^7r(X). Note that vj is in general not continuous when T is 
equipped with the topology induced from M^, while it is continuous when 7~ is endowed with the 
topology inherited from M. 

The simplest example of a regular tiling of is provided by the group of translations by 
vectors with integral coordinates (which is isomorphic to the lattice subgroup) 

(2.6) G = {tu, n G Z^} ~ Z^, 

where tu{X) = X + u. In such a situation, a fundamental tile (resp. domain) is given by P = [0, 1]^ 
(resp. T = [0, 1)^), and the homogeneous space H is the standard A^— dimensional torus T^. A 
classification (up to isomorphism) of the crystallographic groups of has been done for a long 
time for A ^ 3. There are 17 such groups in M^, and 230 groups in M'^, see ^. 

2.3 AfRne transformation 

We aim to define "simple" chaotic dynamical systems on M = H by using affine transformations. 
Assume given a matrix A G Z^^^ and a point B G M^. The following hypotheses will be used at 
several places in the chapter. 
(HI) 

VA, A' G M" (A ~ A' ^ ylA + 5 ~ AX' + B) 

i.e. A' = g{X) for some g £ G implies AX' + B = g'{AX + B) for some g' G G; 

(H2) There exist a subgroup G' C G of translations and a finite collection of isometrics (gj)f=i in 

G such that 

(i) G is spanned as a group by the isometries in G' U {gi)i=i; 

(ii) G' = {tu, u = J2iLi Vi^i^ y = {yi)i=i ^ fo^" some basis (tij)ili of M^; 
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(iii) Setting P' := Ui^i^k diiP) we have that {C, P') is a regular tihng of M.^ . We denote by T' 
a fundamental domain for (G',P'). 



(HI) is a compatibility condition needed to define a dynamical system on M. If G is given by (p.6|), 
then (HI) holds for any A e Z^^^ and any B G M^. However, if 



N 



(2.7) 



G = n = ^ yjUj, y = (yi)ili G Z^} 



i=l 



for some basis {ui)fLi of M , then (HI) holds if and only if 



(2.8) 



vNxN 



where U is the N x N matrix with Uj as ith column for 1 ^ i ^ N . 

(H2) allows to decompose the projection w onto T into a projection onto T' , a fundamental 
domain for the regular tiling (G',P') of involving only translations, followed by a projection 
from T' onto T. 

Example 2 Let G =< ti,t2,r > and G' =< ti,t2 >, where ti{X) = X + (1,-1), t2{X) = 
X + (1,1), and r{Xi^X2) = (— X2,Xi). Pick k = A and (gi, 92, 93, di) = {r^r"^ ,id). Take 
as fundamental tiles P = {X = {Xi,X2)\l ^ Xi ^ 2, ^ X2 ^ 2 — Xi} (solid line) and 
P' = p\j r{P) U r^{P) U r^{P) (broken line) (see Fig. |j. 



X 





\ — 1 




\—\ 




\ — 1 
1_\ 








\ — 1 
1_\ 




\ — ' 

1 N. 




1 






X 



Figure 2: A regular tiling of with a triangular fundamental tile. 



Assume that (HI) holds. Then we may define 



AX + B := AX + B 



for any X G M^. Thus we may consider the dynamical system {Tia,b) on EI defined by 
(2.9) (S^,ij) 

The map / is called an affine transformation of 
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xk+i = f{xk) ■■= Axk + B, 
xq G M. 



Example 3 Let N = 1, and let G =< t,s > be the group spanned by the translation t(X) = X + 2 
and the symmetry s[X) = 2 — X. Set P = [0,1]. Then {G,P) constitutes a regular tiling o/M. 
Note that P is also a fundamental domain. Pick (A, B) = (2,0) G M^. (HI) and (H2) are satisfied 
with G' = u G 2Z}, k = 2, gi = s and g2 = = id. Let us write the realization of ( |2.9D in P. 
Obviously, AX e P for X < 1/2, while s{AX) = 2(1 - X) E P for 1/2 ^ X ^ 1. Viewed in 
P = [0, 1], the dynamics reads then 

(2.10) Xk+i = h{xk) 

where h is the familiar tent map (see Fig. ^ 
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Figure 3: A : Action of s and t; B : the tent map 



hix) 



2x if0^x<i, 
2(1 -x) ifi^x^l. 



It follows from Theorem (see below) that ( |2.10 ) is chaotic on [0,1]. 



When H = and i? = 0, / is nothing else than an endomorphism of the topological group 
(T^,+), and / is onto (resp., an isomorphism) if and only if det A (resp., det A = ±1) (see 
p5| , Thm 0.15]). Let sp(A) denote the spectrum of the matrix A, that is the set of the eigenvalues 
of A. A root of unity is any complex number of the form A = exp(27rit), with i G Q. To see whether 
a dynamical system (Tja,b) is chaotic, we need the following key result |3^, Thm 1.11]. 

Proposition 4 Let f{x) = Ax + b (b ^ , A G Z^^^ with det A ^ 0) be an affine transforma- 
tion ofT^. Then the following conditions are equivalent: 
(i) i^A.b) is one-sided topologically transitive; 

(a) (a) A has no proper roots of unity (i.e., other than 1) as eigenvalues, and 

(b) {A - /)T^ + Zb is dense in ; 
(Hi) f is ergodic; that is, f is measure-preserving (i.e. for any Borel set E C T^, m{f~^{E)) = 

m{E), where m denotes the Lebesgue measure on T^j, and the only Borel sets E C for 

which f~^{E) = E satisfy m{E) = or m{E) = 1. 

Notice that (ii) reduces to "A has no roots of unity as eigenvalues" when 6 = 0. Indeed, it may be 
seen that {A — I)T^ is dense in T''^ if and only if {A — I) is invertible. 

2.4 Endomorphism of 

The first result in this chapter, which comes from [^], provides a necessary and sufficient condition 
for Syi,o to be chaotic in T^. 

Theorem 5 Let A G Z^^^. Then (S^.o) is chaotic in if, and only if, det A / and A has 
no roots of unity as eigenvalues. 
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Proof. Assume first that (S^g) is chaotic. We first claim that A is nonsingular. Indeed, if 
det A = 0, then the map / defined in Q is not onto |3|, Thm 0.15], i.e. AT^ / T^. As AT^ 



is compact (hence equal to its closure), it is not dense in T^, hence we cannot find some state 
xo € TT^ such that the sequence (x^) = (A'^xq) is dense in T^, which contradicts (C2). Thus 
det A ^ 0. On the other hand, since (^Afl) is one-sided topologically transitive, the matrix A has 
no roots of unity as eigenvalues by virtue of Proposition ^. 

Conversely, assume that det A 7^ and that A has no roots of unity as eigenvalues. As (CI) 
is a consequence of (C2) and (C3) (see [j|],|34, Thm 1.3.1]), we only have to establish the later 



properties. (C2) follows from Proposition ^ To prove (C3) we need to prove two lemmas. 

Lemma 6 Let A G ^^x^ such that det A 0, and pick any p G N* with {p,detA) = 1 (i.e. p 
and det A are relatively prime). Then the map r : X G {Z/pZ)^ ^ Ax£ (Z/pZ)^ is invertible. 

Proof of Lemma First, observe that the map T is well-defined. Indeed, ii X,Y G Z^ fulfill 
X - Y £ (pZ)^, then AX - AY G (pZ)^ so that AX and AY belong to the same coset in 
(Z/pZ)'^ = Z^ / (pZ)'^ . As (Z/pZ)'^ is a finite set, we only have to prove that T is one-to-one. Let 
X,Y eZ^ be such that AX = AY in (Z/pZ)^ (i.e., A{X - Y) e (pZ)^). We aim to show that 
X = Y in (Z/pZ)'^ (i.e., X -Y e (pZ)'^). SetU = X -Y, and pick a vector Z G such that 
AU = pZ. It follows that U = a ' ^^^^^ ^ ^ Z^^^ denotes the adjoint matrix of A (i.e. 
the transpose of the matrix formed by the cofactors). Since U G Z^ , each component of the vector 
pAZ is divisible by det A. Since (p, det A) = 1, we infer the existence of a vector V G such 
that AZ = (det A)V. Then X-Y = U = pVe {pZ)^ , as desired. ■ 



Lemma 7 Let A and p he as in Lemma |^ and let Ep := {0, (^), (^^)} C T. Then each point 
X G Ep is periodic for (EAfi). As a consequence, the set of periodic points of (^a,o) is dense in 
(i.e., (C3) is satisfied). 

Proof of Lemma First, observe that for any i,j G {0, ...,p — 1}, i/p = j /p (mod 1) if and only 
\i i = j (mod p). We infer from Lemma ^ that the map T : x G Ep 1— )• Ax G Ep is well defined 
and invertible. Pick any x G Ep . As the sequence {T^x)k^i takes its values in the (finite) set 
Ep , there exist two numbers k2 > ki ^ 1 such that T^^x = T^'^x. T being invertible, we conclude 
that A^'^~^'^x = X (i.e., x is a periodic point). Finally, the set E = \j{Ep ] p ^ 1, (p, det A) = 1} 
is clearly dense in (take for p any large prime number), and all its points are periodic. This 
completes the proof of Lemma and of Theorem ^. ■ 

For an affine transformation, we obtain a result similar to Theorem ^ when 1 sp(A). 

Corollary 8 Let A G Z^^^ and b G T^. Assume that 1 is not an eigenvalue of A. Then {'^A,b) 
is chaotic in if, and only if, det A ^ and A has no roots of unity as eigenvalues. 

Proof. Pick any B G with B = b. As 1 sp(j4), we may perform the change of variables 
(2.11) X = r - {A- Ly^B, 

which transforms ( p. 91 ) into 

(2.12) 

Clearly, the conditions (C2) and (C3) are fulfilled for (Sa,^) if; and only if, they are fulfilled for 
( 2.12| ). Therefore, the result is a direct consequence of Theorem ^. ■ 



rfc+i = Ark, 

ro = xo + {A 



L)-^B. 
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Corollary 9 Let G he defined by for some basis {ui)fL^ ofR^. Let A G Z^^^ and B G 
Assume that (2.8) holds and that 1 is not an eigenvalue of A. Then {'Ea,b) is chaotic in EI = M^/G 
if, and only if, det A ^ and A has no roots of unity as eigenvalues. 

Proof. From Corollary |8|, we know that the dynamical system on T'^ 

(2.13) Zfc+i = f{zk) := U-^AUzk + U'^B 

is chaotic if, and only if, det A ^ and A has no roots of unity as eigenvalues. To prove that the 
dynamical system on EI = M.^ /G 

(2.14) Xk+i = f{xk) := Axk + B 

is chaotic under the same conditions, it is sufficient to prove that the maps / : EI — )• EI and 
/ : — )• are topologically conjugate; i.e., there exists a homeomorphism /i : EI — )• such 
that ho f = f o k. Define h by h{X) = Z where Z = U~^X, X = G ■ X is the class of X in EI and 
Z is the class of Z in T'^. Note first that h is well defined and continuous. Indeed, if X' = X + UK 
with K G Z^, then Z' = U~ ^X' = U^'^X + K = Z + K,so that h is well defined. On the other 
hand, the map X G i— )• U^^X G is clearly continuous. Obviously, h is invertible with 
h~^{Z) = X for X = UZ. h is therefore a homeomorphism from EI onto T^. Let us check now 
that ho f = foh. Pick any X G M^. Then 

ho f{X^) = h{AX + B^) = U-^{AX + B) = f{U~^X ) = foh{X^) 

and the result follows. ■ 
We are in a position to state and prove the main result of this chapter. 

Theorem 10 Let {G,P) he a regular tiling ofW, and let {A,B) G Z^x^ x be such that both 
the assumptions (HI) and (H2) are fulfilled. Assume in addition that det A ^ and that A has no 
roots of unity as eigenvalues. Then the discrete dynamical system in M^/G 

(2.15) Xk+i = Axk + B 
is chaotic. 

Proof. Pick any fundamental domain 7" for (G, P), and let G' and T' be as in (H2). In addition to 
( 2.15| ), we shall consider the discrete dynamical system in R^/G' 

(2.16) Zk+i = Azk + B. 

For any given Xq G M^, let xq = and zq = 'X^' ■ Clearly, if X ~ X' (mod G'), then X ~ X' 
(mod G). Therefore, one can define a map p : R^/G' ^ M^/G by piX^ ) = X^ . p is continuous 
and onto. We need two claims. 
Claim 1. Xk = p{zk) for all k. 

Indeed, this is true for /c = 0, and if for some A; ^ 0, Xfe = p{zk) (i.e. for some Xk G M^, Xk = Xk 
and Zk = Xk ), then we have that 

G — —f;P\ 



= AXk + B = p{AXk + B )= p{zk+i) 
which completes the proof of Claim 1. 

Claim 2. The image by p of any dense set in M^/G' is a dense set in M^/G. 
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Let A C /G' be a given dense set. Pick any X G 
pN 1 .1 . — G' 



there exists Y £ 



It follows that 



such that Y £ A and 



d{X^,Y^) 



inf \\Y 



and any e > 0. Since A is dense in R^/G', 



giX)\\<e. 



mn\Y-g{X)\\<e 

g&G 



7G\ 



for G' C G. Since Y = p{Y ) e and the pair {X, e) was arbitrary, this demonstrates that 
^(^4) is dense in M^/G. Claim 2 is proved. 

Let us complete the proof of Theorem 10. To prove that ( |2.15| ) is chaotic, it is sufficient (see ^) 
to check that the conditions (C2) and (C3) are fulfilled. We know from Corollary ^ that ( p.l6| ) is 

chaotic. We may therefore pick Xq G R-'^ so that, setting zq = Xq , the sequence {zk}k^o defined 
by (|2l^ ) is dense in R^/G'. By Claim 1 and Claim 2, the sequence {xk} defined by ( |2.15| ) and 



Xq = Xq' is dense in R^/G; that is, (C2) is fulfilled for ( ^.15 ). On the other hand, the set of 



periodic points for ( |2.16[) is dense in M^/G', since (C3) is fulfilled for ( p.K 
periodic point zq for ( 2.16| ) gives rise to a periodic point xq = p{zq) for 



By Claim 1, any 
By Claim 2, the 



set of periodic points for ( |2.15| ) is dense in R-'^/G; i.e., (C3) is fulfilled for ( 2.15 ). The proof of 
Theorem [1^ is complete. ■ 



Example 11 (i) Let G =< te^,t2e2,s > where te-,{X) = X + (1,0), te^iX) = X + (0,2), 
s{Xi,X2) = {Xi,-X2), and P= [0,1] x [0,1]. Pick G' =< t^^te, >,k = 2, (51,52) = {s,id) 

(see Fig. Finally, pick A = ( ~^ ^] and B = (0.5,-3.2). Note that [A,S] : 



AS -SA = 0, where S 



\ 3 ^ 

J ^1 ^ matrix corresponding to the symmetry s. Then 

(HI) and (H2) are satisfied, sp{A) = {—2,3}, and by Theorem\I^ the dynamical system ( p.9| ) 
is chaotic m H = R^/G. 



Figure 4: G =< tei,t2e2,s >■ 
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(ii) Let G =< t2e„t2e2,suS2 > where t2e,{X) = X + (2,0), tse^W = X + (0,2), Si(Xi,X2) = 
{-Xi,X2), S2{Xi,X2) = {Xi,-X2) = -si{Xi,X2), and P = [0,1] x [0,1]. Pick G' =< 
t2eiMe2 >, k = A, (91,92,93,94) = {si,S2,S2 o si,id). (sce Fig. ||). Finally, pick A = 
—3 \ 

^ Q ] ^'^'^ ^ ~ (—0.2,1.7). Note that AS = —SA, where S is as above. Then (HI) 

and (H2) are satisfied, sp{A) = {±.2i \/3}, and by Theorem 
chaotic inM = R^/G. 



It the dynamical system (p.9|) is 
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Figure 5: G =< t2ei, *2e2, ^i, S2 >• 



2.5 Lyapunov exponents 

Let M denote a compact differentiable manifold endowed with a Riemann metric < u,v >m, and 
let / : M — 7- M be a map of class C^. The following definition is borrowed from [13]. 

Definition 12 A point x £ M is said to be a regular point of f if there exist numbers Ai(x) > 
A2(a;) > • • • > Xmix) and a decomposition 

T^M = Ei{x) ® ■ ■ ■ ® Err,{x) 

of the tangent space TxM of M at x such that 

lim \\n\\{Dxf^)u\\=\j{x) 

for all ^ u £ Ej{x) and every 1 ^ j ^ m. (WvW^ : = < v,v >x Vu G T^M.) The numbers \j{x) 
and the spaces Ej{x) are termed the Lyapunov exponents and the eigenspaces of f at the regular 
point X. 

Assume now that the group G is such that each isometry 9 £ G has no fixed point, i.e. 9{X) 7^ X 
for all X G M^. Then M = M^/G is a smooth flat Riemannian manifold. Before investigating the 
Lyapunov exponents of an affine transformation on H, let us give a few examples. 



Example 13 (i) M = , and more generally, M = R^/G wh ere G is as in (|2.7D ; 

(ii) H = M?/G for G =< t2ei,te2,tei o s > where (61,62) is the canonical basis of R? and 
s{Xi,X2) = {Xi,—X2) (see Fig. |^. EI is then the Klein bottle. The torus and the 
Klein bottle M are the only smooth manifolds obtained in dimension 2. In dimension 3, there 
are 6 smooth manifolds (see Section 3.5.5 p. 117]). 
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Figure 6: The regular tiling of M? associated with the Klein bottle. 



Consider now an affine transformation f{X) = AX + B of H, the pair {A,B) fulfilling (HI). 
Assume also that det A ^ 0. Then for any k ^ 1, 

f'^iX) = Af'X + A^-^B + --- + AB + B. 

o 

Pick a point X GP such that 

A^X + A^-^B + --- + AB + Be UgecgiP) 
(note that such a property holds for almost every X G M^), and an isometry g £ G such that 

g{A''X + A^-^B + ■ ■ ■ + AB + B) £P . 
For \\U\\ sufficiently small, we also have that 

g{A^{X + U) + A'^^^B + ■ ■ ■ + AB + B) £P . 



Therefore {DYf^)U = GA^U, where G = Dg £ M^^^. Since G is an orthogonal matrix, we have 
that ||G^^f7|| = ||A'^C/||. Let fii > ^2 > ■ ■ ■ > fJ-m > denote the absolute values of the eigenvalues 
of A, and let Ei(x) be the direct sum of the generalized eigenspaces (see [^]) associated with the 
eigenvalues whose absolute value is /li, for each i ^ m. Then, using the Jordan decomposition of 
A, we easily see that for any U G Ej\ {0} 

lim yln\\A''U\\ = Innj. 

Observe now that if oi^Ai) does not intersect the circle {zGC; |2;| = 1}, then A has at least one 
eigenvalue A with |A| > 1 (since the product of all the eigenvalues of A is det A G Z \ {0}), hence 
/ admits at least one positive Lyapunov exponent. Therefore, we have proved the following 

Proposition 14 Let (G, P) be a regular tiling of such that any isometry g £ G has no fixed 
point. Let {A, B) £ M^^^ x be such that (HI) is satisfied, det A^O and each eigenvalue X of 
A satisfies |A| 7^ 1, and let f : M = R^/G — t- H 6e defined by f{x) = Ax + B. Then almost every 
point X £M. is regular for f , with Lyapunov exponents In^i > • • • > In^m, where fii > ■ ■ ■ > fim 
are the absolute values of the eigenvalues of A. Furthermore, In /ii > 0. 

Notice that the existence of (at least) one positive Lyapunov exponent is often considered as a 
characteristic property of a chaotic motion [33|. That property quantifies the sensitive dependence 
on initial conditions. 
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2.6 Equidistribution 

In this section, IHI = T^. Let us consider a discrete dynamical system with an output 



(2.17) 



Xfe+i = Axk + B 
Vk = Cxk 



where xq G T''^, A G Z^^^, b G and C G J}'^^ . It should be expected that the output yk inher- 
its the chaotic behavior of the state Xk- However, Devaney's definition of a chaotic system cannot 
be tested on the sequence {yk)-, since this sequence is not defined as a trajectory of a dynamical 
system. Rather, we may give a condition ensuring that the sequence (y^) is equidistributed (hence 
dense) in T for a.e. xq, a property which may be seen as an ersatz of (C2). 

\i X = (Xi, ...,Xiv),^ = (5^1, ...,yAr) are any given points in [0, 1)^ and x = X, y = y, then 
we say that x < y (resp., x ^ y) \i Xi < Yi (resp., Xi ^ Yi) for i = 1, ...,N. The set of points 
z G such that x ^ z < y will be denoted by [x, y). Let {xk)k^o be any sequence in T^. For any 
subset E of T^, let Sk{E) denote the number of points Xk, Q ^ k ^ K — 1, which lie in E. 

Definition 15 J71|/ We say that (xk) is uniformly distributed modulo 1 ('or equidistributed in ) 
if 

^J£My)l=rn{[x,y))=ll{Y,-X,) 

i=l 

for all intervals [x,y) C T^. 

The following result is very useful to decide whether a sequence is equidistributed or not. 

Proposition 16 (Weyl criterion JT^/ , jl^/j The sequence {xk)k^o is equidistributed in T'^ if, 
and only if, for every lattice point p G P 7^ 

— y e^'-P-^^ ^0 asK^+oo. 
K ^ 

Q^k<K 

The next result shows that under the same assumptions as in Corollary |8| the sequences (xk) and 
{yk) are respectively equidistributed in and T for a.e. initial state xq G T^. 

Theorem 17 Let A G Z^^^, 6 G and C G Z^^^ \ {0}. Assume that det ^ / and that A 
has no roots of unity as eigenvalues (hence S^^^ is chaotic). Then for a.e. xq G the sequence 
(xk) (defined in { 2.11{ )) is equidistributed in T^, and the sequence (yk) = (Cxk) is equidistributed 
in T. 

Proof: By virtue of Theorem ^, the map f{x) = Ax + 6 is ergodic on T^. It follows then from 
Birkhoff Ergodic Theorem (see e.g. |3^, Thm 1.14]) that for any h G L^(T^,(im) and for a.e. 
xo G 

17 Y] h{f''{xo))^ I h{y)dm{y) as K ^ 

Osik<K "^^ 

Therefore, for every lattice point p G Z^, p ^ 0, and for a.e. xq G 

1 Y e2"^f^'(^°) ^ / e^^'Py dm{y) = as ^ +oo. 

As Z^ \ {0} is countable, the same property holds for a.e. xq G and all p G Z^ \ {0}. Therefore, 
we infer from Weyl criterion that the sequence (xfc) = {f^ixof) is equidistributed for a.e. xq G T^. 
Pick any xq G such that (xfc) is equidistributed, and let us show that the output sequence 
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iyk) = (Cxk) is also equidistributed provided that C = {Ci, ...,Cn) 7^ (0, ...,0). Indeed, for any 
p G Z \ {0} 

1 y- ^2nipy, = 1 y e^^iipC)x, ^ Q as ^ +00, 
K ^ K ^ 

hence the equidistribution of (yk) follows again by Weyl criterion. ■ 

Remark 18 For a regular tiling [G, P) of M^, even if the sequence {xk) is equidistributed in H, 
the output {uk) fails in general to he equidistributed in T. This is clear when one considers a regular 
tiling ofM? with the triangle P = {X = {Xi,X2); Xi ^ 0, X2 ^ 0, X1+X2 ^ 1} as fundamental 
tile, and C = (1 0). 

3 Synchronization and information recovering 

The aim of this section is to suggest a chaos-based encryption scheme involving affine transforma- 
tions on the homogeneous space H associated with some regular tiling of M^. We shall provide 
conditions which guarantee a synchronization with a finite-time stability of the error despite the 
inherent nonlinearity of the chaotic systems under study. 

3.1 Encryption setup 

Assume given a reg ular tihng (G, P) of and a pair {A, B) G M^^^xM^ fulfihing the assumptions 
of Theorem |l^. For the sake of simplicity, assume further that M^/G' = T^, so that T' = [0, 1)^. 
Let w : — )• T and zu' : — )• T' denote the projections on the fundamental domains of (G, P) 
and {G',P'), respectively. Set for A; G N and X G 



(3.18) Wk{X) 



-uj'{X) if /c (iV + 1)N; 
m{X) if ke (7V + 1)N. 



At each discrete time k, a symbol nik G R (the plaintext) of a sequence {mk)k^o is encrypted 
by a (nonlinear) encrypting function e which "mixes" ruk and Xk and produces a ciphertext Uk = 
e{Xk,mk)- We also assume given a decrypting function d such that = d{Xk,Uk) for each 



k. Next, the ciphertext Uk is embedded in the dynamics (2^). We shall consider the following 
encryption 



(3.19) (Sa,b,m,c) 



Xk+i = zuk{A{Xk + Muk) + B} 
Yk =C{Xk + Muk) 



which corresponds to an embedding of the ciphertext in both the dynamics and the output. In 
(|3T9| ), a G Z^^^, M G Z^^\ and G G Z^^^ are given matrices, and B G R^. Yfc G R is the 



output conveyed to the receiver through the channel. 

From the definition of the decrypting function d, it is clear that to retrieve m^. at the decryption 
side we need to recover the pair {Xk,Uk), which in turn calls for reproducing a chaotic sequence 
(Xfc) synchronized with (X^) (i.e., such that X^ — X^ — t- 0). To this end, we propose a mechanism 
based on some suitable unknown input observers, inspired from the ones given in |17, 18, 25, 27|. 
We stress that the gain matrices have to be Z-valued here. 

For the encryption considered here, the decryption involves the following observer-like structure 

.^^n^ (Y \ / =^k{AXk + L{Yk-%) + B} 

(3.20) (SAB,Af,c) I ^^^^ 
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where L G Z^^-^, Xj^ G M.^ and G M {Xq being an arbitrary point in M^). Let X denote the 
class of X modulo G' , i.e. in T^. Set = - Xfc for all A; ^ 0. Noticing that for aU X G 

Wk{X) = w'iX) = X for 1 ^ A; ^ iV, 

we obtain by subtracting ( |3.20| ) from (|3.19D that the error dynamics reads 

(3.21) Cfc+i = {A- LC)ek + iA- LC)Muk, 1 ^ A; ^ iV. 

Before proceeding to the design of the observers, we give a few definitions and a preliminary 
result. 



3.2 Definitions and preliminary results 

Definition 19 A pair {A^,C^) is said to be in a companion canonical form if it takes the form 



( -a^-i 1 
1 



(3.22) 



A' 



-a 








\ 


1 

/ 



1 







It is well known that the characteristic polynomial of reads XA'i^) ~ + a^~^\^~^ 



+ ••• + 



Definition 20 Two pairs {A,C) and {A\&) m Z^^^ x Z^^^ are said to be similar over Z if 
there exists a matrix T G Z,^^^ with det T = ±1 (hence G Z^^^ too) such that 



A = T-'A'T, C = CT. 

The following result provides a sufficient condition for an observable pair [A, C) to admit a 
Z- valued gain matrix L such that A — LC is Hurwitz. 



7NxN 
7lxN 



and C G 



7lx7V 



be two matrices such that {A, C) is similar over '. 



N-l 



Proposition 21 Let A G 

to a pair (A'', C^) G Z^^^ x J?-^'^ in a companion canonical form. Let us denote by {—a 
a^y the first column of Al . Then there exists a unique matrix L G Z^^^ such that the matrix A— LC 
is Hurwitz (i.e., sp{A — LC) C G C; \z\ < 1} ), namely L = T^^L^ with L' 



-a 



N-l 



-a 



Furthermore, {A — LC)^ = 0. 



Proof. Write A = T'^A^T, C = &T, with (#, C^) as in (|^) and T G Z^>^^ with det T = ±1. 
For any given matrix L G Z^^^, we define the matrix L^ = {I 
A-LC = r-i(# - L^&)T with 



N-l 



/u)' by L^ = TL. Then, 



iN-l 



N-2 



-a 



-a 



1 

1 







\ 



1 

/ 



Its characteristic polynomial reads 
Xa^-L!'C^W 



+ (a^-1 + /^-i)A^-i + . . . + (al + /i)A + {a' + f). 
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If L is such that A - LC \s Hurwitz, then # - L^C^ = T{A - LC)T-^ is Hurwitz too, hence we 
may write XA-Lc{^) = Xa^-l^c^W ~ ^^xi'^)^ where p G {0, ...,A''} and x S Z[A] has its roots 
Ai, ...,X]\j-p in the set {z S C; < \z\ < 1}. Assume that p < N, and denote by q the constant 



coefficient of x- Then q ^ (since x(0) ^ 0), and \q\ = YliLi' < which is impossible, since 

-a^ for any j E {0, ...,N — 1} (hence and L are unique). On 



q £ Z,. Therefore p 
the other hand 



(3.23) 



N and P 



/ 1 
1 



V 

\N _ 



\ 



1 

/ 



0. 



For this choice of L, XA-Lc{^) = ^ and {A — LC) 
It should be emphasized that the above argument shows that a Z-valued matrix M is Hurwitz if 
and only if it is nilpotent. In other words, the system v^j^i = Nv^ is asymptotically stable if and 
only if it is finite-time stable. 

We are now in a position to state the second main result of this chapter. 



Theorem 22 Let {G,P) be a regular tiling o/M^, and let {A,B) G 



vNxN 



be such that (HI) 



and (H2) are fulfilled with M^/G' = T'^. Assume given C € 1?-^^ such that {A, C) is similar over 
7j to a pair {A^,C^) in a companion canonical form. Then one can pick two matrices L G Z^^^ 
and M G Z^^i so that {A - LC)M = and CM = 1. Furthermore 

Xk = Xk and Uk = Yk-Yk V/c ^ iV + 1. 



Proof Let T, A\ C\ L and be as in the proof of PropositionJTl Set = (1 • • • 0)' and M = 
T-^M^ Then {A-LC)M = T-^{A^ -L^&)T-T-^M^ = by (|3!23|) , and CM = C^T-P-'^M^ = 1. 



On the other hand, it follows from ( p. 21 ) and the choice of M that 



ek+i = iA-LC)ek Vfc G {1, iV} 



hence e^+i = {A — LC) ei = 0. Since Xjv+i and Xn+i belong to T' by construction, we have 

that Xn+1 = Xn^i. To complete the proof, it is sufficient to prove the following 

Claim. For any k ^ 0, X^ = X^ implies X^+i = Xk+i. 

Indeed, using the fact that [A — LC)M = and X^ = X^ we obtain that 



Xk+i = Wk{AXk + LC{Xk + Muk 
= TUkiAXk + AMuk + B) 
= Xk+i. 



Xk) + B) 



This completes the proof of Theorem 22 



Remark 23 (i) The projection Wk{x) allows to switch between the dynamics ( ^.15| ) and ( |2.16| ) 
in M./G and R/G', respectively. For a dynamics in only (C = C), one can replace Wk{x) 
by w^x) (the projection onto [0, 1)^J. 



(a) The result in Theorem 2^ remains true if we take vj^ix) = vj'ix) fork ^ A'" andwk{x) = w(x) 



for k ^ N + 1. However, the definition of Wk{x) in ( ^.18 ) guarantees that a finite time 



synchronization occurs even if the output is not transmitted at some times. Such a property 
may be useful for the secured transmission of video sequences. 
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(in) The output = C{Xk+Muk) may he replaced hyY^ = hiY^), where /i : M — )• M is a nonlinear 
invertible map. This renders the analysis of the dynamics of much more complicated. 

(iv) In practice, when H = T^, the matrices A,C,L and M may be constructed in the following 
way. Pick any matrix T = [T^] e Z^^^ with Tij = for i > j and Ti^i = 1 for all i. We 
set T = T' T. Note that det T = det T = 1. Next, we pick a pair {A^,C^) in a companion 
canonical form so that the roots of Xa' '^^ ''^^^ belong to the set {0} U {z G C; \z\ = 1}. Then 
A, C, L and M are defined by 

A = T-^A^T, C = &T, L = T-^A\&)', and M = T-^{&)'. 



3.3 Numerical simulations 

This section is borrowed from [26|. Assume EI = and consider the dynamical system (Syi^^.M.c) 





with 

/ -19 26 7 
^= -51 65 17 L C = (6 - 5 - 1), 6 = 0. 
\ 152 -184 -47 

{TiA,b) is chaotic by virtue of Theorem |5|, since det yl = 3 (hence det A^ Q) and the eigenvalues of 
A are -3, -0.4142, 2.4142 [A has no roots of unity as eigenvalues). The pair {A,C) is similar over 
Z to the pair {Al ,C^) in companion canonical form, where 

= (10 0) and T 

According to Proposition ^1|, the unique matrix L S Z^^^ such that A — LC is Hurwitz is L = 
T-^L\ with = (-1 7 3)"^. We obtain L = (-2 - 6 19)^. The corresponding matrix M G I?"^^ 
such that {A - LC)M = and CM = 1 is M = (1 2 - 5)^. 

The information to be masked is a flow corresponding to integers ranging from to 255. The data 
are scaled to give an input ranging from to 1, and are embedded into the chaotic dynamics 
of {'^A,b,M,c)- From a practical point of view, the transmitted signal yt cannot be coded with an 
infinite accuracy and so it has to be truncated for throughput purpose. The observer (Syi,6,M,c) 
is used in order to recover the information. Numerical experiments bring out that the number of 
digits of the conveyed output can actually be limited without giving rise to recovering errors. The 
results reported in Fig. ^ show a perfect recovering for a number of digits of y^ equal to 4 (this is the 
minimum number required for perfect retrieving). The recovering error reaches zero after 3 steps, a 
fact which is consistent with above theoretical results on finite time synchronization (A^ = 3). The 
figure highlights the fact that even though the state reconstruction may not be perfect (residual 
errors due to truncations), a perfect information reconstruction is nevertheless achieved. 

Remark 24 Actually, for any system T,a,b,ai,Cj the numerical computations can he performed in 
an exact way, i.e. without rounding errors, provided that the number of digits is sufficiently large. 



3.4 Concluding remarks 

The message-embedding masking technique studied here does not originate from the conventional 
cryptography (see |lH] for a good survey). Nevertheless, it seems to be highly related to some 



popular encryption schemes, the so-called stream ciphers [19|. Therefore, it is desirable that the 



proposed scheme be robust against both statistical and algebraic attacks. On one hand, the ro- 
bustness against statistical attacks follows from the chaotic behavior of the output. On the other 
hand, the security against algebraic attacks rests on the difficulty to identify the parameters of the 
system. The identification of the parameters is here a hard task for two reasons: 
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Figure 7: A : error on the recovered information — n^; B : state reconstruction error — Xk 



(i) The particular structure of the encryption system {'^a,b,m,c)i that is the dimension of the 
matrix A and the tihng of the space used, is assumed to be unknown; 

(ii) The ciphertext actually results from a mixing between the plaintext and the state X]^ 
{uk = e{Xk,mk))- This generally results in a nonlinear dynamics {^a,b,m,c), rendering the 
parameters hardly identifiable p 



A real-time implementation has already been carried out on an experimental platform involving a 
secured multimedia communication. (For details about the platform, see e.g. ||T6[] ). 
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